Credentials (Passwords, Access
Keys, and MFA devices)

Review the following guides to manage passwords for your AWS account and for IAM
users. You'll also find information about access keys—the secret
key that you use to make programmatic calls to AWS.

AWS
Security Credentials – Describes the types of credentials
you use to access Amazon Web Services, explains how to create and manage them, and
includes
recommendations for managing access keys securely.

Using Multi-Factor Authentication (MFA) in AWS – Describes how to configure
your account and IAM users to require both a password and a one-time use code that
is
generated on a device before sign-in is allowed. (This is sometimes called two-factor
authentication.)

Permissions and Policies

Learn the inner workings of IAM policies and find tips on the best ways to confer
permissions:

Policies and Permissions – Describes how permissions can be
attached to users or groups or, for some AWS products, to resources themselves.

IAM Policy
Simulator – Test whether a policy would allow or deny a
specific AWS action. The following video (6:28) provides an overview and shows the
policy simulator in action.

Federation and Delegation

You can grant access to resources in your AWS account for users who are authenticated
(signed in) elsewhere. These can be IAM users in another AWS account (known as
delegation), users who are authenticated with your organization's
sign-in process, or users from an Internet identity provider like Login with Amazon,
Facebook,
Google, or any other OpenID Connect (OIDC) compatible identity provider. In these
cases, the
users get temporary security credentials to access AWS resources.

IAM and Other AWS Products

Most AWS products are integrated with IAM so that you can use IAM features to help
protect access to the resources in those products. The following resources discuss
IAM and
security for some of the most popular AWS products. For a complete list of products
that
work with IAM, including links to more information on each, see AWS Services That Work with
IAM.

Using IAM with Amazon DynamoDB

The following video (8:55) explains how to provide access control for individual
DynamoDB database items or attributes (or both).

General Security Practices

Find expert tips and guidance on the best ways to secure your AWS account and
resources:

AWS Security Best Practices (PDF) – Provides an in-depth
look at how to manage security across AWS accounts and products, including suggestions
for security architecture, use of IAM, encryption and data security, and more.

IAM Best Practices – Offers recommendations for ways to use IAM to help secure your
AWS account and resources.

AWS CloudTrail User Guide – Use AWS CloudTrail to track a
history of API calls made to AWS and store that information in log files. This helps
you
determine which users and accounts accessed resources in your account, when the calls
were
made, what actions were requested, and more.

AWS Whitepapers
– Links to a comprehensive list of technical AWS whitepapers, covering
topics such as architecture, security, and economics and authored by AWS
Solutions Architects or other technical experts.

AWS Support Center
– The hub for creating and managing your
AWS Support cases. Also includes links to other helpful
resources, such as forums, technical FAQs,
service health status, and AWS Trusted Advisor.

AWS Support
– The primary web page for information
about AWS Support, a one-on-one, fast-response support
channel to help you build and run applications in the cloud.

Contact Us
– A central contact point for inquiries concerning
AWS billing, account, events, abuse, and other issues.

AWS Site Terms
– Detailed information about our copyright
and trademark; your account, license, and site access;
and other topics.

Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's
Help pages for instructions.